Wednesday, January 12, 2011

Hudson, Tomcat and cacerts

Setting up a secure connection for an application doesn't require much effort in terms of the process involved. It is supposed to be simple. Yet one often gets stuck on the simplest of steps because there is no tool and no simple answer other than trial and error.

What if someone asks you to import the server certificate into your application server's truststore? Simple, right? Well, no! There never seems to be a simple and straightforward answer to the question: "Well, where exactly is the current truststore?"

Where is the cacerts being used by a Tomcat instance that runs Hudson?
Navigating to Hudson > Manage Hudson > System Information shows two possibilities:
1) the value for java.home (C:\Program Files\Java\jre6) under the "System Properties" table is a starting point, and
2) the value for JAVA_HOME (C:\Program Files\Java\jdk1.6.X_XX) under the "Environment Variables" table is another.

But not knowing which one it is can be a bit frustrating, because you need to stop and start your Tomcat again and again until you get it right. One could just import the server certificate into the cacerts file under both of these locations, but then you will still not know which was the right one.

Well, if you are starting Tomcat as a Windows Service, then the answer is to use the file at ${java.home}\lib\security\cacerts. Otherwise, if you use the start/stop scripts, then ${JAVA_HOME}\jre\lib\security\cacerts is your best bet.
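To confirm which file a given Java runtime resolves, the following added example (not part of the original post; the class name `WhichTrustStore` is hypothetical) applies the standard JSSE lookup order and lists the aliases in the resulting truststore. It assumes the store uses the JVM's default keystore type, and it reports on the JVM it runs in, so run it with the `java` executable from each candidate location.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;

// Added example: resolves the truststore file the current JVM uses by default
// and lists the certificate aliases in it. Optional argument: alias to look for.
public class WhichTrustStore {

    // JSSE default lookup order: the javax.net.ssl.trustStore system property,
    // then ${java.home}/lib/security/jssecacerts, then ${java.home}/lib/security/cacerts.
    static File resolve(String trustStoreProp, String javaHome) {
        if (trustStoreProp != null && !trustStoreProp.isEmpty()) {
            return new File(trustStoreProp);
        }
        File securityDir = new File(new File(javaHome, "lib"), "security");
        File jssecacerts = new File(securityDir, "jssecacerts");
        return jssecacerts.isFile() ? jssecacerts : new File(securityDir, "cacerts");
    }

    public static void main(String[] args) throws Exception {
        String javaHome = System.getProperty("java.home");
        File store = resolve(System.getProperty("javax.net.ssl.trustStore"), javaHome);
        System.out.println("java.home   = " + javaHome);
        System.out.println("trust store = " + store.getAbsolutePath());
        if (!store.isFile()) {
            System.out.println("File not found; nothing to list.");
            return;
        }
        // A null password loads the entries without verifying the store's
        // integrity, which is enough to list aliases.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream in = new FileInputStream(store);
        try {
            ks.load(in, null);
        } finally {
            in.close();
        }
        String wanted = args.length > 0 ? args[0] : null;
        for (String alias : Collections.list(ks.aliases())) {
            if (wanted == null || wanted.equalsIgnoreCase(alias)) {
                String kind = ks.isCertificateEntry(alias) ? " (trusted cert)" : "";
                System.out.println("  " + alias + kind);
            }
        }
    }
}
```

Running it before and after an import, with the alias you imported under as the argument, shows whether the certificate landed in the file that runtime actually reads.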
